From 16a9df5a7ac4145e276d97a70e20cdee1ac15e34 Mon Sep 17 00:00:00 2001
From: Michael Krotscheck <krotscheck@gmail.com>
Date: Mon, 20 Apr 2015 17:48:15 -0700
Subject: [PATCH] Added refstack user.

Creates a user under which the refstack process will run.
---
 manifests/api.pp    |  3 ++-
 manifests/params.pp |  6 +++++-
 manifests/user.pp   | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 manifests/user.pp

diff --git a/manifests/api.pp b/manifests/api.pp
index 8de7c81..9f3e50b 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -17,7 +17,8 @@
 # This class installs the refstack API so that it may be run via wsgi.
 #
 class refstack::api () {
-  require refstack::params
+  require ::refstack::params
+  require ::refstack::user
 
   # Import parameters into local scope.
   $python_version         = $::refstack::params::python_version
diff --git a/manifests/params.pp b/manifests/params.pp
index c8bcd27..62c2443 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -20,7 +20,11 @@ class refstack::params (
   $python_version = '2.7',
 
   # Source and install directories.
-  $src_api_root   = '/opt/refstack-api'
+  $src_api_root   = '/opt/refstack-api',
+
+  # The user under which refstack will run.
+  $user           = 'refstack',
+  $group          = 'refstack',
 ) {
 
   # Resolve a few parameters based on the install environment.
diff --git a/manifests/user.pp b/manifests/user.pp
new file mode 100644
index 0000000..a77bf0f
--- /dev/null
+++ b/manifests/user.pp
@@ -0,0 +1,37 @@
+# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: refstack::user
+#
+# Sets up the refstack user.
+#
+class refstack::user () {
+  require refstack::params
+
+  # Import parameters into local scope.
+  $user         = $::refstack::params::user
+  $group        = $::refstack::params::group
+
+  group { $group:
+    ensure               => present
+  }
+
+  user { $user:
+    ensure     => present,
+    groups     => [$group],
+    managehome => true,
+    shell      => '/bin/bash',
+    require    => Group[$group]
+  }
+}